<?php
@session_start();
@error_reporting(0);
@ini_set('display_errors', 'Off');
if (!isset($_SESSION['user_id'])) { header('Location: login.php'); exit; }
if (!isset($_POST['plan_id']) || !isset($_POST['payment_method'])) { header('Location: index.php'); exit; }
$rootPath = dirname(__DIR__, 3); 
define('ROOT_PATH', $rootPath . '/');
if (!file_exists(ROOT_PATH . 'config.php')) { 
    die("系统错误：配置文件丢失。路径: " . ROOT_PATH . 'config.php'); 
}
require_once ROOT_PATH . 'config.php';
$plan_id = intval($_POST['plan_id']);
$payment_method = trim($_POST['payment_method']);
$user_id = $_SESSION['user_id'];

try {
    $pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME . ";charset=" . DB_CHARSET, DB_USER, DB_PASS);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $stmt_settings = $pdo->query("SELECT setting_key, setting_value FROM sl_settings WHERE setting_key IN ('epay_pid', 'epay_key', 'epay_url')");
    $epay_config = $stmt_settings->fetchAll(PDO::FETCH_KEY_PAIR);
    
    if (empty($epay_config['epay_pid']) || empty($epay_config['epay_key']) || empty($epay_config['epay_url'])) {
        throw new Exception("支付网关未配置，请联系管理员。");
    }

    $stmt_plan = $pdo->prepare("SELECT * FROM sl_billing_plans WHERE id = ? AND is_active = 1");
    $stmt_plan->execute([$plan_id]);
    $plan = $stmt_plan->fetch(PDO::FETCH_ASSOC);
    if (!$plan) { throw new Exception("所选计费方案无效或已下架。"); }
    
    $order_id = date('YmdHis') . mt_rand(10000, 99999);
    $amount = $plan['price'];
    $sql = "INSERT INTO sl_orders (order_id, user_id, plan_id, amount, status) VALUES (?, ?, ?, ?, 'pending')";
    $stmt_insert = $pdo->prepare($sql);
    $stmt_insert->execute([$order_id, $user_id, $plan_id, $amount]);

    $base_url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]";
    $notify_url = $base_url . '/payment/notify.php';
    $return_url = $base_url . '/payment/return.php';

    $params = [
        "pid" => $epay_config['epay_pid'],
        "type" => $payment_method,
        "out_trade_no" => $order_id,
        "notify_url" => $notify_url,
        "return_url" => $return_url,
        "name" => $plan['name'],
        "money"	=> $amount,
        "sitename" => "半点API"
    ];
    ksort($params);
    $string_to_sign = "";
    foreach ($params as $key => $val) {
        if ($val != '' && $key != 'sign' && $key != 'sign_type') {
            $string_to_sign .= $key . "=" . $val . "&";
        }
    }
    $string_to_sign = substr($string_to_sign, 0, -1);
    $sign = md5($string_to_sign . $epay_config['epay_key']);
    $params['sign'] = $sign;
    $params['sign_type'] = 'MD5';
    
    $payment_url = rtrim($epay_config['epay_url'], '/') . '/submit.php?' . http_build_query($params);
    header("Location: {$payment_url}");
    exit;

} catch (Exception $e) {
    $_SESSION['feedback_msg'] = '创建订单失败: ' . $e->getMessage();
    $_SESSION['feedback_type'] = 'error';
    header('Location: index.php');
    exit;
}
?>